
Attack on WebAdmin

Today I received email notifications from the firewall stating that there had been two failed login attempts to WebAdmin.
I have never seen this previously, other than when I have screwed up and entered the wrong password myself.

There is a single entry in the firewall rules that allows TCP 4444 access to the WebAdmin login page from the Internal Network. No other rules include this service port.
A check of the reported IP address that attempted the login gives a location of Morocco, which I am pretty sure is not included in my internal network.

Can anyone explain how someone outside my internal network could access my WebAdmin login page?

UTM Release 9.705-3



This thread was automatically locked due to age.
  • Hmmmmmmm....

    If I understand you correctly Emmanuel, if a network is included in Management >> WebAdmin Settings >> General >> Allowed Networks this will override the firewall rules.
    If I am honest, that seems quite counterintuitive.

    That said, if that is the cause of my problem (ANY was included here) then it is a simple fix.

  • This is "standard" in WebAdmin, BigO. You will want to consult #2 in Rulz (last updated 2019-04-17) for other places such a phenomenon exists.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
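
An added example, not part of the thread and not Sophos code: a small audit of the situation discussed above, where an Allowed Networks entry such as Any admits sources the firewall rule was meant to exclude. The network lists, function names and source addresses are constructed for illustration, and "Any" is assumed to mean every IPv4 and IPv6 address.

```python
import ipaddress

# Assumption: the "Any" definition is modelled as both default routes.
ANY = ["0.0.0.0/0", "::/0"]

def expand(entries):
    """Turn configured entries (CIDR strings or 'Any') into (label, network) pairs."""
    nets = []
    for entry in entries:
        cidrs = ANY if entry.strip().lower() == "any" else [entry]
        for cidr in cidrs:
            nets.append((entry, ipaddress.ip_network(cidr, strict=False)))
    return nets

def overbroad_entries(allowed, internal):
    """Allowed Networks entries that reach beyond the internal ranges."""
    internal_nets = [n for _, n in expand(internal)]
    bad = []
    for label, net in expand(allowed):
        inside = any(net.version == i.version and net.subnet_of(i)
                     for i in internal_nets)
        if not inside and label not in bad:
            bad.append(label)
    return bad

def external_sources(source_ips, internal):
    """Failed-login source addresses that are not in any internal range."""
    internal_nets = [n for _, n in expand(internal)]
    out = []
    for src in source_ips:
        ip = ipaddress.ip_address(src)
        if not any(ip.version == n.version and ip in n for n in internal_nets):
            out.append(src)
    return out

# Constructed sample data (documentation address ranges, not from the thread).
INTERNAL = ["192.168.1.0/24"]
ALLOWED = ["Any", "192.168.1.0/24", "10.8.0.0/24"]
FAILED_LOGIN_SOURCES = ["192.168.1.50", "203.0.113.77"]

if __name__ == "__main__":
    print("Entries wider than internal:", overbroad_entries(ALLOWED, INTERNAL))
    print("External login sources:", external_sources(FAILED_LOGIN_SOURCES, INTERNAL))
```
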